Security Watch | Matt Hines

June 28, 2007

How to catch a spy or insider threat

The Office of the National Counterintelligence Executive (ONCIX) -- part of the federal government's Office of the Director of National Intelligence -- has released a set of guidelines meant to help agencies identify potential insider threats to information security, including spies.

The ONCIX -- which is led by Joel F. Brenner, the United States National Counterintelligence Executive and Mission Manager for Counterintelligence -- said that it produced the guide to help government workers understand their responsibilities for reporting suitability issues and potential espionage indicators in their colleagues' behavior patterns.

While the list of suspicious acts is no panacea for ferreting out government workers who may be involved in some form of espionage or IT attack, the agency said it believes that by watching out for the warning signs of inappropriate activity, government employees can help deter some potential threats to national security.

"There is no established formula for recognizing that someone is involved in espionage; this much can be seen even in a brief review of many of the espionage cases against the United States, which have occurred over past years," the ONCIX said in a foreword to its guide. "However, certain situational factors or suitability issues can make an individual predisposed to volunteer to spy or vulnerable to exploitation by foreign intelligence officers."

According to the government's research, most known American spies (roughly 80 percent) demonstrated one or more of the listed conditions or behaviors of security concern before they engaged in espionage.

"Reporting suitability issues is a protective or preventive measure that can help to head-off a developing problem that could lead to spying for a foreign government," the report reads. "While reports of behaviors of security concern or personal crises by co-workers have led to the apprehension of some American spies, reluctance to report these issues has also allowed other spies to persist in their crimes."

The ONCIX further stated that government researchers have deduced that one-third of all espionage carried out against the U.S. since 1945 was executed by individuals with security clearances who worked in either the intelligence or communications fields.

"In many cases of insider espionage, an individual's colleagues or friends did not act on indicators and the case went on for longer than necessary," the guide contends.

Among the lists of behavior patterns it warns employees to watch out for are so-called "suitability issues," or evidence of personal problems outside of the workplace.

Those include:

-Drug or alcohol abuse.
-Repeated irresponsibility.
-An "above the rules" attitude.
-Financial irresponsibility.
-Repeated impulsive behaviors.
-Extreme immaturity.
-Willingness to violate the rights of others to achieve one’s own ends.
-Accumulating or overwhelming life crises or career disappointments.
-Willingness to break rules or violations of laws and regulations.

In terms of "potential espionage indicators," the report lists:

-Unexplained affluence.
-Failing to report overseas travel.
-Showing unusual interest in information outside the job scope.
-Keeping unusual work hours.
-Taking classified material home.
-Unreported or concealed contacts with foreign nationals.
-Unreported contact with foreign government, military, or intelligence officials.
-Attempting to gain new accesses without the need to know.
-Unexplained absences.

Such actions are to be considered particularly questionable for people who have access to classified data, according to the report.

In the arena of misuse of classified information and computers, the document advises readers to beware of people who violate the need-to-know principle commonly espoused in the federal sector, or those who repeatedly make inquiries about "operations and projects to which they no longer have access."

Among the specific acts it lists as cause for concern in the area of mishandling information are:

-Revelations to unauthorized persons.
-Leaks to media. (Boo, hiss….)
-Unauthorized contact with media.
-Unauthorized removals, including magnetic media.
-Collecting/storing classified material outside approved facilities.
-Lax security habits that resist management counseling.
-Statements or actions that demonstrate an individual believes that the rules do not apply to him/her.

The report specifically warns workers to look out for activity such as discussing classified information on a non-secure phone, improperly securing classified information or areas, and working on classified material at home. (Hello VA data breach!)

In the area of misusing computers, the guide lists sins including:

-Accessing databases without authorization.
-Unauthorized searching/browsing through computer libraries.
-Unauthorized purposeful destruction of information on agency computers.

Posted by Matt Hines on June 28, 2007 01:53 PM

COMMENTS

Do you have a link or a reference to the guide to which you refer?

Posted by: Ross Oliver at June 28, 2007 03:00 PM

Yes, here it is, sorry not to include the link in the first place and thanks for the reminder:

http://www.ncix.gov/archives/docs/Your_Role_in_Combating_the_Insider_Threat.pdf

Posted by: Matt Hines at June 29, 2007 08:23 AM
